Enable SAML at https://app.entitykeeper.com
1. Open the “Accounts” page at https://app.entitykeeper.com/accounts
2. Open “Account Settings”.
3. Remember your account id. It’s shown in the URL. It’s 435 in our example.
4. Go to your identity provider to configure the SAML application there.
6. Enable SAML SSO (tick the checkbox) and populate the URL and certificate fields with the data from your identity provider.
6. Optionally enable Require SAML Login. When enabled, users can access this account only by logging in via SAML; password-based login will not allow access. This option is available only if you are currently logged in via SAML.
7. Click on the “Save” button.
8. That’s all.
Just-in-Time User Provisioning
SAML authentication supports Just-in-Time User Provisioning (JIT). JIT provisioning is a method of automating user account creation for web applications. It uses the SAML (Security Assertion Markup Language) protocol to pass information from the identity provider to web applications.
So, when a new user tries to log in to an authorized app for the first time, they trigger the flow of information from the identity provider to the app that’s needed to create their account.
Add EntityKeeper as a Service Provider
You must also add EntityKeeper as a service provider with your identity provider. Adding EntityKeeper as a service provider requires the following values.
Azure Active Directory as a SAML IdP
1. On the “Home” screen, click the “Azure Active Directory” button.
- The “Overview” screen for Azure Active Directory appears.
2. In the menu on the left, click on “Enterprise applications”.
- The “Enterprise applications” screen lists all your existing applications.
3. Click the “New application” button.
- The “Browse Azure AD Gallery” screen appears.
4. Click on “Create your own application”.
- The “Create your own application” form appears on the right side of the screen.
5. In the “Input name” field, specify a name for your application, e.g. “EntityKeeper”.
- Select the “Integrate any other applications you don’t find in the gallery (Non-gallery)” option and click on the “Create” button.
- After your application is created, Azure shows an “Overview” screen.
6. In the “Getting Started” section, go to “Set up single sign on” and click on “Get started”.
- The “Single sign-on” screen appears.
7. Under “Select a single sign-on method”, click on “SAML”.
- The “SAML-based Sign-on” screen appears.
8. In the “Basic SAML Configuration” section, click the “Edit” button.
- On the right side of the screen, the “Basic SAML Configuration” form opens.
9. Click on “Add identifier”. In the “Add identifier” field specify the “Identifier (Entity ID)”.
- Click on “Add reply URL”. In the “Add reply URL” field specify the “Reply URL (Assertion Consumer Service URL)”.
Example:
Click the “Save” button.
10. In the “Attributes and claims” section, click the “Edit” button.
- The “Attributes and Claims” screen opens.
11. In the “Required Claim” section, click on the claim name.
- The “Manage claim” screen appears.
12. Set the “Name identifier format” to “Email address”. Set the “Source attribute” to “user.mail”.
- Click the “Save” button to return to the “Attributes and Claims” window.
13. Remove the existing additional claims: for each claim, open the “...” context menu and select “Delete”.
14. Click on the “Add New Claim” button. The “Manage claim” screen appears. In the “Name” field specify “first_name” and set the “Source” to “user.givenname”.
- Click on the “Save” button.
15. Click on the “Add New Claim” button. The “Manage claim” screen appears. In the “Name” field specify “last_name” and set the “Source” to “user.surname”.
- Click on the “Save” button.
16. Close the “Attributes and Claims” panel and return to the “SAML-based Sign-on” screen.
17. Scroll down to the “SAML Signing Certificate” section, and click the “Edit” button.
18. Choose the “...” context menu and select “PEM certificate download”.
19. Open the downloaded certificate file in an editor and copy its contents, including the “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” lines.
- Paste it into the “IdP Certificate” field of account settings at app.entitykeeper.com.
20. In the menu on the left, click on “Properties”.
- Copy the “User access URL” and paste it into the “IdP SSO Service URL” field of account settings at app.entitykeeper.com.
21. To assign a user or a group to the application, go to the “Manage” menu on the left and click on “Users and Groups”.
- On the “Users and Groups” screen, click on the “Add user/group” button.
- The “Add Assignment” screen appears.
- It is important to note that if your plan level allows for groups, you can assign groups or users to the application. If you have a free plan, you can assign users but not groups.
- This example shows how to assign users. The process for assigning groups is similar.
22. Click on “None Selected”.
- The “Users” panel opens on the right of the screen.
- Click on a user in the list, then click the “Select” button.
23. The “Add Assignment” screen updates to say “1 user selected”.
- Click the “Assign” button.
- The list on the “Users and Groups” screen updates. Now it includes the user or group you assigned.
24. Assigned users can open the application from https://myapps.microsoft.com/
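As an added example (not EntityKeeper code) of what the Just-in-Time provisioning flow consumes once the claims above are configured: a small Python routine that pulls the email-format NameID and the first_name/last_name claims out of a constructed, unsigned assertion and rejects an assertion whose NameID is still in Azure's default persistent format. Signature verification, which a service provider must perform before trusting any of these values, is assumed to have happened already and is out of scope here.

```python
"""Extract the fields EntityKeeper-style JIT provisioning needs from a SAML assertion.

Added example, not EntityKeeper code. Assumes the Azure claim set configured above:
NameID in email format, plus first_name and last_name attributes.
"""
import xml.etree.ElementTree as ET  # in production parse with defusedxml and verify the signature first

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PERSISTENT_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"

# Constructed sample assertions (unsigned, illustration only).
GOOD_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject>
    <saml:NameID Format="{EMAIL_FORMAT}">jane.doe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="first_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="last_name"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

# Same user, but the NameID was left at Azure's default (step 12 skipped).
BAD_ASSERTION = GOOD_ASSERTION.replace(EMAIL_FORMAT, PERSISTENT_FORMAT)


def jit_user_from_assertion(xml_text: str) -> dict:
    """Return {"email", "first_name", "last_name"} or raise ValueError."""
    root = ET.fromstring(xml_text)
    name_id = root.find("./saml:Subject/saml:NameID", NS)
    # Refusing a non-email NameID catches the misconfiguration where the IdP still
    # sends an opaque identifier, which would otherwise become a bogus account name.
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        raise ValueError("NameID missing or not in emailAddress format")
    attrs = {
        a.get("Name"): a.findtext("saml:AttributeValue", default="", namespaces=NS)
        for a in root.findall("./saml:AttributeStatement/saml:Attribute", NS)
    }
    missing = [k for k in ("first_name", "last_name") if not attrs.get(k)]
    if missing:
        raise ValueError(f"missing claims: {missing}")
    return {
        "email": (name_id.text or "").strip(),
        "first_name": attrs["first_name"],
        "last_name": attrs["last_name"],
    }


def is_jit_compatible(xml_text: str) -> bool:
    """True if the assertion carries everything needed to create the user."""
    try:
        jit_user_from_assertion(xml_text)
        return True
    except ValueError:
        return False
```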